I wrote this example specifically for my portfolio to demonstrate how I approach API documentation. Here is a link to the accompanying endpoint documentation.
EncounterForge API Authentication
The EncounterForge API uses API keys to authenticate requests. Include your API key in the Authorization header of every request.
Get your API key
API keys are generated from the EncounterForge dashboard. Each key is tied to your account and inherits your plan’s rate limits.
- Log in to your EncounterForge dashboard.
- Navigate to Settings → API Keys.
- Select Generate new key.
- Copy the key immediately.
For security reasons, the full key is only shown once at the time of generation.
Keep your API key private. Do not expose it in client-side code, public repositories, or anywhere it could be read by others. If a key is compromised, revoke it from the dashboard and generate a new one.
Making an authenticated request
Pass your API key as a Bearer token in the Authorization header:
curl https://api.encounterforge.play/v1/encounters/generate \
-H "Authorization: Bearer YOUR_API_KEY" \
-G \
-d "party_level=5" \
-d "environment=forest"
All requests must be made over HTTPS. Requests made over plain HTTP will be rejected.
Authentication errors
If a request cannot be authenticated, the API returns a 401 status code.
| Code | Cause |
|---|---|
missing_api_key | No Authorization header was included in the request. |
invalid_api_key | The key was not recognized. Check for extra spaces or truncation. |
revoked_api_key | The key has been revoked. Generate a new key from the dashboard. |
Example error response
{
"error": {
"code": "invalid_api_key",
"message": "The API key provided was not recognized. Verify the key and try again."
}
}
Keeping keys secure
- Store keys in environment variables, not in source code.
- Use separate keys for development and production environments.
- Rotate keys periodically, or immediately if you suspect a key has been exposed.